Wednesday, February 10, 2016

I’ve received quite a few calls over the past year from clients and colleagues about situations where they had an existing single node NetScaler appliance deployed and decided to create an HA pair at a later time but noticed that adding a new NetScaler with no configuration to create the HA pair would wipe out the configuration of the existing node. This issue has happened to me as well in the past and it’s one of the worst situations to be in if you did not have backup so this blog post serves to demonstrate how to add a new node to create an HA pair while keeping the configuration.

First off, I’ve tested creating the HA pair by adding the other node from:

The node that already contains configuration

The node that does not contain configuration

Both yield the same results where the new NetScaler without any configuration would assume the Primary role for the Master State. The following screenshots demonstrates what happens when I add the NetScaler with the IP address 10.32.30.101 without any configuration to an existing NetScaler with configuration with the IP address 10.32.30.100:

Note how the NetScaler with the IP address 10.32.30.101 which contains no configuration has assumed the Primary role of the Master State thus wiping out the configuration of the existing NetScaler with configuration with the IP address 10.32.30.100. The result would be the same if you decided to use the NetScaler with configuration to add the other node without configuration.

Solution

To avoid having the new NetScaler with no configuration assume the Primary role of the Master State status, log onto the NetScaler appliance with no configuration, navigate to High Availability and open up the properties of the node:

From within the Configure HA Node properties window, change the High Availability Status from ENABLED(Actively Participate in HA) to STAY SECONDARY (Remain in Listen Mode):

With the new High Availability Status set to STAY SECONDARY (Remain in Listen Mode), proceed to add the node with the configuration:

Once added, you will see that the node without configuration will remain as Secondary while the newly added node with configuration is Primary:

Proceed by editing the properties of the Secondary node (the new NetScaler without configuration) and change the High Availability Status back to ENABLED(Actively Participate in HA):

You should now have a new NetScaler HA pair with the configuration of the single node appliance.

2/6/2016 12:35:56 PM] Starting Skype for Business Server 2015 Cumulative Update Installer, version 6.0.9319.102[2/6/2016 12:35:56 PM] Checking service status. This may take a couple minutes...[2/6/2016 12:35:57 PM] Exception: System.Management.Automation.CommandNotFoundException: The term 'Get-CsWindowsService' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input) at SkypeServerUpdateInstaller.PowershellRunner.RunCmd(String script, ICollection`1& errors) at SkypeServerUpdateInstaller.PowershellRunner.RunScript(String scriptFileName, ICollection`1& errors) at SkypeServerUpdateInstaller.MachineStatusChecker.Check(String& errorMessage)[2/6/2016 12:35:57 PM] Embedded patch description: Update for Core Components[2/6/2016 12:35:57 PM] Embedded patch OcsCore.msp is referred by KB #3097644[2/6/2016 12:35:57 PM] Embedded patch OcsCore.msp can be researched at URL http://support.microsoft.com/?kbid=3097644[2/6/2016 12:35:57 PM] Embedded patch OcsCore.msp is at version 6.0.9319.102[2/6/2016 12:35:57 PM] Product with GUID {A766C25B-A1D1-4711-A726-AC3E7CA4AAB3} is at version 6.0.9319.102 and is associated with patch OcsCore.msp which this installer has at version 6.0.9319.102[2/6/2016 12:35:57 PM] OcsCore.msp, version 6.0.9319.102 is up-to-date on this server.[2/6/2016 12:35:57 PM] Embedded patch description: Update for Core Runtime 64-bit[2/6/2016 12:35:57 PM] Embedded patch UcmaRuntime.msp is referred by KB #3097649[2/6/2016 12:35:57 PM] Embedded patch UcmaRuntime.msp can be researched at URL http://support.microsoft.com/?kbid=3097649[2/6/2016 12:35:57 PM] Embedded patch UcmaRuntime.msp is at version 6.0.9319.102[2/6/2016 12:35:57 PM] Product with GUID {902F4F35-D5DC-4363-8671-D5EF0D26C21D} is at version 6.0.9319.102 and is associated with patch UcmaRuntime.msp which this installer has at version 6.0.9319.102[2/6/2016 12:35:57 PM] UcmaRuntime.msp, version 6.0.9319.102 is up-to-date on this server.[2/6/2016 12:35:57 PM] Embedded patch description: Update for Conferencing Attendant[2/6/2016 12:35:57 PM] Embedded patch Caa.msp is referred by KB #3097646[2/6/2016 12:35:57 PM] Embedded patch Caa.msp can be researched at URL http://support.microsoft.com/?kbid=3097646[2/6/2016 12:35:57 PM] Embedded patch Caa.msp is at version 6.0.9319.102[2/6/2016 12:35:57 PM] Product with GUID {73472766-329F-4fd8-91AF-458E702498CF} is at version 6.0.9319.102 and is associated with patch Caa.msp which this installer has at version 6.0.9319.102[2/6/2016 12:35:57 PM] Caa.msp, version 6.0.9319.102 is up-to-date on this server.[2/6/2016 12:35:57 PM] Embedded patch description: Update for Conferencing Server[2/6/2016 12:35:57 PM] Embedded patch OCSMCU.msp is referred by KB #3097708[2/6/2016 12:35:57 PM] Embedded patch OCSMCU.msp can be researched at URL http://support.microsoft.com/?kbid=3097708[2/6/2016 12:35:57 PM] Embedded patch OCSMCU.msp is at version 6.0.9319.102[2/6/2016 12:35:57 PM] Product with GUID {6184864A-8DCD-44DE-885D-B6C0AF668033} is at version 6.0.9319.102 and is associated with patch OCSMCU.msp which this installer has at version 6.0.9319.102[2/6/2016 12:35:57 PM] OCSMCU.msp, version 6.0.9319.102 is up-to-date on this server.[2/6/2016 12:35:57 PM] Embedded patch description: Update for Response Group Service[2/6/2016 12:35:57 PM] Embedded patch RGS.msp is referred by KB #3097643[2/6/2016 12:35:57 PM] Embedded patch RGS.msp can be researched at URL http://support.microsoft.com/?kbid=3097643[2/6/2016 12:35:57 PM] Embedded patch RGS.msp is at version 6.0.9319.102[2/6/2016 12:35:57 PM] Product with GUID {11CFB169-07EA-489D-BF8C-D8D29525720E} is at version 0.0 and is associated with patch RGS.msp which this installer has at version 6.0.9319.102[2/6/2016 12:35:57 PM] Product with GUID {11CFB169-07EA-489D-BF8C-D8D29525720E} is not installed on this server.[2/6/2016 12:35:57 PM] Embedded patch description: Update for Skype for Business Server 2015[2/6/2016 12:35:57 PM] Embedded patch Server.msp is referred by KB #3097645[2/6/2016 12:35:57 PM] Embedded patch Server.msp can be researched at URL http://support.microsoft.com/?kbid=3097645[2/6/2016 12:35:57 PM] Embedded patch Server.msp is at version 6.0.9319.102[2/6/2016 12:35:57 PM] Product with GUID {A593FD00-64F1-4288-A6F4-E699ED9DCA35} is at version 6.0.9319.0 and is associated with patch Server.msp which this installer has at version 6.0.9319.102[2/6/2016 12:35:57 PM] Server.msp, version 6.0.9319.102 is NOT up-to-date on this server.[2/6/2016 12:35:57 PM] Embedded patch description: Update for Web Components Server[2/6/2016 12:35:57 PM] Embedded patch WebComponents.msp is referred by KB #3097642[2/6/2016 12:35:57 PM] Embedded patch WebComponents.msp can be researched at URL http://support.microsoft.com/?kbid=3097642[2/6/2016 12:35:57 PM] Embedded patch WebComponents.msp is at version 6.0.9319.102[2/6/2016 12:35:57 PM] Product with GUID {2A65AB9C-57AD-4EC6-BD4E-BD61A7C583B3} is at version 6.0.9319.102 and is associated with patch WebComponents.msp which this installer has at version 6.0.9319.102[2/6/2016 12:35:57 PM] WebComponents.msp, version 6.0.9319.102 is up-to-date on this server.[2/6/2016 12:35:57 PM] Embedded patch description: Update for Skype for Business Web Application[2/6/2016 12:35:57 PM] Embedded patch EnterpriseWebApp.msp is referred by KB #3097647[2/6/2016 12:35:57 PM] Embedded patch EnterpriseWebApp.msp can be researched at URL http://support.microsoft.com/?kbid=3097647[2/6/2016 12:35:57 PM] Embedded patch EnterpriseWebApp.msp is at version 6.0.9319.102[2/6/2016 12:35:57 PM] Product with GUID {A185550F-9598-49B1-907A-E0BF5FBED77E} is at version 6.0.9319.102 and is associated with patch EnterpriseWebApp.msp which this installer has at version 6.0.9319.102[2/6/2016 12:35:57 PM] EnterpriseWebApp.msp, version 6.0.9319.102 is up-to-date on this server.[2/6/2016 12:35:57 PM] Product with GUID {3F699640-D097-457B-8229-0CE8F7B31DCB} is at version 6.0.9319.102 and is associated with patch SkypeForBusinessPerfCounters.msi which this installer has at version 6.0.9319.102[2/6/2016 12:35:57 PM] SkypeForBusinessPerfCounters.msi, version 6.0.9319.102 is up-to-date on this server.[2/6/2016 12:35:57 PM] Rewrite Module is at version 7.1.1952.0 and is associated with patch rewrite_2.0_rtw_x64.msi which this installer has at version 7.1.1952.0[2/6/2016 12:35:57 PM] rewrite_2.0_rtw_x64.msi, version 7.1.1952.0 is up-to-date on this server.[2/6/2016 12:35:59 PM] Beginning installation of selected binaries...[2/6/2016 12:35:59 PM] Executing command: msiexec.exe /update "C:\KB3061064\Server.msp" /passive /norestart /l*vx "C:\KB3061064\Server.msp-conBMLYNCSTD01-[2016-02-06][12-35-59]_log.txt"[2/6/2016 12:36:12 PM] ERROR 1603: Server.msp had errors installing.[2/6/2016 12:39:33 PM] ERROR: SkypeServerUpdateInstaller failed to successfully install all patches

Opening the LCSSetup_Commands in the %userprofile%\appdata\temp folder reveals the following:

& : The term 'Install-CsDatabase' is not recognized as the name of a cmdlet,

function, script file, or operable program. Check the spelling of the name, or

if a path was included, verify that the path is correct and try again.

At line:1 char:4

+ & Install-CsDatabase -Update -DatabaseType Registrar -Verbose

+ ~~~~~~~~~~~~~~~~~~

+ CategoryInfo : ObjectNotFound: (Install-CsDatabase:String) [],

CommandNotFoundException

+ FullyQualifiedErrorId : CommandNotFoundException

Solution

I performed quite a few troubleshooting steps but was unable to get past the error and what finally worked for me was to rerun the Setup or Remove Skype for Business Server Components in the Skype for Business Server 2015 – Deployment Wizard console:

Sunday, February 7, 2016

I was recently told by our telephony engineer that we needed to create a new UM dial plan with the URI Type set as SIP URI for our internal users that are using Exchange Unified Messaging for voicemail because of the migration from Exchange 2007 to 2013:

The GUI did not provide a way to simply move user accounts from one UM dial plan to another so I resorted to PowerShell cmdlets and thought it would be a good idea to document the process then blog it so I can reference it in the future.

Step #1 – Identify users in the legacy UM dial plan

Begin by identifying the users that you intend on moving from the legacy UM dial plan with the following cmdlet:

Saturday, February 6, 2016

I recently had to configure a Load Balanced LDAPS Load Balancing Virtual Server on a NetScaler version 11 for a client and since the procedure is slightly different than earlier versions, I took the time to document the steps so I can write this post for future reference. The Netscaler used in this example will be a VPX 200 NS11.0 62.10.nc:

Step #1 – Create Server Objects

Begin by logging into the NetScaler appliance and navigating to Traffic Management > Load Balancing > Servers and create the server objects that represent your domain controllers that will be used in the load balancing virtual server:

For this example, I will be creating 3 server objects for 3 Domain Controllers:

Step #2 – Create LDAPS Monitor

With the server objects created, navigate to Management > Load Balancing > Monitors to create the monitor object that will reach out to the domain controllers and execute an LDAPS query to verify the health of the server:

Type in a name to represent this monitor that will query servers to verify LDAPS is operational, select LDAP as the Type:

Leave all of the text fields as the default then scroll all the way down to the bottom and select the Secure checkbox:

**Note that previous to NetScaler version 11, we would have had to customize the regular LDAP monitor script (nsldap.pl) to perform LDAPS health verification.

Scroll back up to the top of the page and select the Special Parameters tab:

Proceed to fill in the following fields:

Script Name: nsldap.pl

Dispatcher IP: 127.0.0.1

Dispatcher Port: 3013

Base DN: dc=yourDomain,dc=com

Bind DN: svc_netscaler@yourDomain.com

Filter: cn=builtin

Password: <password for the service account>

Proceed by clicking on the Create button to create the monitor:

Step #3 – Create Service Group

With the server objects representing the domain controllers and monitor capable of querying to verify the health of LDAPS, continue by creating a service group that represents the domain controllers that will represent a physical site or a logical separation from other domain controllers in your environment. For the purpose of this example, I will be creating a group that represents domain controllers that reside in the same datacenter. Navigate to Management > Load Balancing > Service Groups and click on the Add button:

Type in a name to represent the Load Balancing Service Group then select SSL_TCP as the Protocol then click on the OK button to continue:

Proceed by clicking on the No Service Group Member item:

In the Create Service Group Member window, click on the Server Based option:

Then select the server objects that were created earlier to represent the domain controllers:

With the servers selected, put in the value 636 as the Port number then click on the Create button to create the Service Group Member:

Continue by clicking the OK button:

With the Service Group Members assigned, continue by clicking on the Monitors button on the right side of the menu then click on the No Service Group to Monitor Binding item:

In the Load Balancing Monitor Binding window, click on the Select Monitor option:

Select the LDAPS monitor that was created earlier in Step #2:

Click on the Bind button:

Before navigating out of the Load Balancing Service Group, click on the 3 Service Group Members item:

Select one of the domain controllers and then click on Monitor Details:

Verify that the Last Response status is labeled as Success – Probe succeeded:

Repeat for the other domain controllers then proceed to exit out of the monitors then click on Done to complete the creation of the Load Balancing Service Group:

It’s important to note that the Effective State may be labeled as DOWN after the initial creation but a few refreshes of the console should list it as being up:

Step #4 – Create the Load Balancing Virtual Server

With the server, the monitor and the service group representing the domain controllers created, proceed by importing the certificate that will be used to secure the traffic to the load balancing virtual server’s VIP when clients attempt to connect to the FQDN that resolves to the IP address:

Then create a new load balancing virtual server:

Enter a name to represent the load balancing virtual server, SSL_TCP as the Protocol, a unique IP address for this virtual server, and 636 for the Port and the Ok button to apply the configuration:

Continue by click on the No Load Balancing Virtual Server ServiceGroup Binding item:

Select the service group that was created earlier:

Click on the Bind button:

Click on the Continue button:

Click on the No Server Certificate item:

Select the certificate used for this load balancing virtual server:

Click on the Bind button to bind the certificate to the load balancing virtual server:

Click on the Continue button:

Then the done button to complete the creation:

The new load balancing virtual server representing the 3 domain controllers for LDAPS configuration is now ready to be used: